Update random_compat to v2.0.4

This commit is contained in:
rugk 2016-11-08 16:52:43 +01:00
parent bd30ae419a
commit 3b1eb64386
No known key found for this signature in database
GPG key ID: 05D40A636AFAB34D

View file

@ -3,8 +3,8 @@
* Random_* Compatibility Library
* for using the new PHP 7 random_* API in PHP 5 projects
*
* @version 2.0.2
* @released 2016-04-03
* @version 2.0.4
* @released 2016-11-07
*
* The MIT License (MIT)
*
@ -41,8 +41,10 @@ if (!defined('PHP_VERSION_ID')) {
$RandomCompatversion = null;
}
/**
* PHP 7.0.0 and newer have these functions natively.
*/
if (PHP_VERSION_ID < 70000) {
if (!defined('RANDOM_COMPAT_READ_BUFFER')) {
define('RANDOM_COMPAT_READ_BUFFER', 8);
}
@ -67,7 +69,7 @@ if (PHP_VERSION_ID < 70000) {
* 4. COM('CAPICOM.Utilities.1')->GetRandom()
* 5. openssl_random_pseudo_bytes() (absolute last resort)
*
* See ERRATA.md for our reasoning behind this particular order
* See RATIONALE.md for our reasoning behind this particular order
*/
if (extension_loaded('libsodium')) {
// See random_bytes_libsodium.php
@ -123,6 +125,20 @@ if (PHP_VERSION_ID < 70000) {
/**
* mcrypt_create_iv()
*
* We only want to use mcypt_create_iv() if:
*
* - random_bytes() hasn't already been defined
* - PHP >= 5.3.7
* - the mcrypt extensions is loaded
* - One of these two conditions is true:
* - We're on Windows (DIRECTORY_SEPARATOR !== '/')
* - We're not on Windows and /dev/urandom is readabale
* (i.e. we're not in a chroot jail)
* - Special case:
* - If we're not on Windows, but the PHP version is between
* 5.6.10 and 5.6.12, we don't want to use mcrypt. It will
* hang indefinitely. This is bad.
*/
if (
!is_callable('random_bytes')
@ -130,8 +146,6 @@ if (PHP_VERSION_ID < 70000) {
PHP_VERSION_ID >= 50307
&&
extension_loaded('mcrypt')
&&
(DIRECTORY_SEPARATOR !== '/' || $RandomCompatUrandom)
) {
// Prevent this code from hanging indefinitely on non-Windows;
// see https://bugs.php.net/bug.php?id=69833
@ -145,6 +159,10 @@ if (PHP_VERSION_ID < 70000) {
}
$RandomCompatUrandom = null;
/**
* This is a Windows-specific fallback, for when the mcrypt extension
* isn't loaded.
*/
if (
!is_callable('random_bytes')
&&